1 files changed, 20 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
new file mode 100644
index 0000000000..6ee1f8da30
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
+Use-after-free detected with static analysis.
+CVE: CVE-2019-7317
+Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+diff --git a/png.c b/png.c
+index 9d9926f638..efd1aecfbd 100644
+--- a/png.c
+++ b/png.c
+@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
+    if (image != NULL && image->opaque != NULL &&
+       image->opaque->error_buf == NULL)
+    {
+-      /* Ignore errors here: */
+-      (void)png_safe_execute(image, png_image_free_function, image);
+      png_image_free_function(image);
+       image->opaque = NULL;
+    }
+ }

diff --git a/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch new file mode 100644 index 0000000000..6ee1f8da30 --- /dev/null +++ b/meta/recipes-multimedia/libpng/libpng/CVE-2019-7317.patch
@@ -0,0 +1,20 @@
	1	Use-after-free detected with static analysis.
	2
	3	CVE: CVE-2019-7317
	4	Upstream-Status: Submitted [https://github.com/glennrp/libpng/issues/275]
	5	Signed-off-by: Ross Burton <ross.burton@intel.com>
	6
	7	diff --git a/png.c b/png.c
	8	index 9d9926f638..efd1aecfbd 100644
	9	--- a/png.c
	10	+++ b/png.c
	11	@@ -4588,8 +4588,7 @@ png_image_free(png_imagep image)
	12	if (image != NULL && image->opaque != NULL &&
	13	image->opaque->error_buf == NULL)
	14	{
	15	- /* Ignore errors here: */
	16	- (void)png_safe_execute(image, png_image_free_function, image);
	17	+ png_image_free_function(image);
	18	image->opaque = NULL;
	19	}
	20	}